Michael asked "Where can I obtain information about security insurance as pertains to e-discovery vendors? In particular, I am wanting to learn more about insurance coverage and limits for cybersecurity incidents that arise while the data is in the custody or control of third parties."
A few years ago, I incorporated this type of insurance in a City-wide contract for off-site storage of records; not the identical situation, but perhaps close enough. Here's the language I used:
15.4.3. Security and Privacy Insurance with limits of at least $250,000 per occurrence and $1 million aggregate. The City, together with its officials and employees, shall be named an Additional Insured.
15.4.3.1. NOTE: While Security and Privacy Insurance may have begun as specifically-applicable to "cyber exposure", according to insurance industry information, it is today more generally-applicable to the unauthorized release of information, regardless of the medium on which that information is carried (see, for example, http://www.zurichna.com/zna/products/product/securityandprivacy.html). This insurance needs to cover the consequences of the unauthorized release of information.
NOTE: the Zurich URL cited above is out of date; the current URL is http://www.zurichna.com/zna/securityandprivacy/securityandprivacy.htm
Also, I benefited greatly from the advice of Kenneth Fontana; his email was [log in to unmask]<mailto:[log in to unmask]> (not sure if this is his current email address; if not, you can find him on LinkedIn).
I hope this helps.
Fred
------------------------------------------------------------------------------------
Frederic J. Grevin
Vice-President, Records Management
New York City Economic Development Corporation
www.nycedc.com<http://www.nycedc.com>
[log in to unmask]<mailto:[log in to unmask]>
212-312-3903 (w)
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
To unsubscribe from this list, click the below link. If not already present, place UNSUBSCRIBE RECMGMT-L or UNSUB RECMGMT-L in the body of the message.
mailto:[log in to unmask]